Update the scorecard dependencies a little higher (again)

bazelbuild / rules_pkg

Bazel rules for creating packages of many types (zip, tar, deb, rpm, ...)

Apache License 2.0

212 stars 166 forks source link

Update the scorecard dependencies a little higher (again) #846

Open aiuto opened 3 months ago

aiuto commented 3 months ago

Yun. What do you think about a recommendation that all bazelbuild repositories copy this workflow directly from bazel?

meteorcloudy commented 3 months ago

Yes, I think this makes sense, and should probably be added to https://docs.google.com/document/d/1L1JFgjpZ7SrBinb24DC_5nTIELeYDacikcme-YcA7xs/edit#heading=h.5kq5q3o81vg9

aiuto commented 3 months ago

Yes, I think this makes sense, and should probably be added to https://docs.google.com/document/d/1L1JFgjpZ7SrBinb24DC_5nTIELeYDacikcme-YcA7xs/edit#heading=h.5kq5q3o81vg9

Suggestion added in the doc

aiuto commented 3 months ago

I copied all the dependencies from bazel. I can't use that scorecard.yml directly because of diffs like the branch name and run frequency.

aiuto commented 2 months ago

Github is wedge. The conversation is resolved, but the merge is still blocked.